Boxes and Arrows
http://www.boxesandarrows.co.uk
SharePoint, Azure and Photography

Heartbleed – How does it affect Microsoft Products?
http://www.boxesandarrows.co.uk/heartbleed-how-does-it-affect-microsoft-products/
Mon, 14 Apr 2014 12:14:08 +0000

At the beginning of April, a CVE (Common Vulnerabilities and Exposures) notice was posted which gave the world visibility of a bug in the OpenSSL software library which could potentially be used to steal information which was thought to be secure. Although Microsoft products are not affected by this vulnerability as they use a different SSL implementation, there are potential implications of Heartbleed which must be considered if you’ve implemented SSL on a Microsoft product.

I’ve heard noise about Heartbleed. Tell me about it.
You’re right, there’s a lot of talk on the internet at the moment about big-name, famous services patching their OpenSSL implementations so they are no longer vulnerable to Heartbleed (for a full description of how this vulnerability works, take a look at heartbleed.com), and there’s also a lot of uncertainty because nobody as yet has shown an attack in the wild which has utilised Heartbleed as the attack vector. However, this is being taken very seriously because the Heartbleed attack is ‘stealthy’: it’s difficult to detect, and could have been ongoing for a long time.

OK it does sound a little serious, what can people steal?
Heartbleed can theoretically lead not only to the exposure of usernames and passwords – and you’ll see loads of news, tweets and Facebook posts about changing your password – it can also leak the secret (private) keys behind the SSL certificates we’ve relied on for years to keep our web traffic safe. If a hacker can gain these secret keys, he can pretend to be your site or decrypt the secure traffic to and from your site.

But you said Microsoft products don’t use OpenSSL?
That’s right. Microsoft have their own implementation of software to enable secure communications; it’s called Secure Channel. However, the certificates used to protect communications to a Microsoft channel can still be compromised by Heartbleed.

Tell me more…
OK – it goes like this. SSL certificates are expensive to acquire and to manage. Lots of people use a few features in the standard which defines how these things work so that they can secure many servers with one certificate. When you request a certificate you can add fields called ‘Subject Alternative Names’ (basically a list of aliases) so that you can use one certificate for many services, or you could purchase a wildcard certificate that can be used to protect any server in your domain. There are pros and cons to each of these methods, but that’s not for discussion here.

So why does that make my SharePoint server vulnerable to Heartbleed?
It doesn’t – however if you’re securing your SharePoint server with a wildcard certificate, or a certificate that has SANs in it, and that certificate has also been used on a server running a vulnerable version of OpenSSL, your certificates could have been compromised.

Which means?
The upshot of this is that secure traffic to your SharePoint, Exchange, CRM, or IIS hosted app could be compromised!

I don’t like the sound of that! What can I do?
Fortunately there’s an easy way to ensure that your secure communications are once again secure. Once you’ve made sure that any service you have that’s running OpenSSL has been patched and made secure, you can ask the Certificate Authority who issued your certificates to revoke the old ones and issue new ones. Fortunately that’s normally a process you can undertake from their web portals, and should only take a few minutes to generate.
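
One way to work out which certificates need revoking, as an added example that is not part of the original post: a small Python script that groups a server inventory by certificate key and reports every key that sat on a host running vulnerable OpenSSL, together with the Windows hosts sharing it and the hostnames that key could be used to impersonate. The inventory, hostnames and `key_id` values are constructed placeholders.

```python
from collections import defaultdict

# Constructed inventory, not real data. "key_id" stands for a hash of the
# certificate's public key; matching on the key rather than the certificate
# thumbprint also catches renewals that reused the same key pair.
# "was_vulnerable" records whether the host ran a Heartbleed-affected OpenSSL.
INVENTORY = [
    {"host": "vpn.example.test", "stack": "openssl", "was_vulnerable": True,
     "key_id": "KEY-A", "names": ["*.example.test"]},
    {"host": "sharepoint.example.test", "stack": "schannel", "was_vulnerable": False,
     "key_id": "KEY-A", "names": ["*.example.test"]},
    {"host": "mail.example.test", "stack": "schannel", "was_vulnerable": False,
     "key_id": "KEY-A", "names": ["*.example.test"]},
    {"host": "crm.example.test", "stack": "schannel", "was_vulnerable": False,
     "key_id": "KEY-B", "names": ["crm.example.test", "crm-admin.example.test"]},
    {"host": "blog.example.test", "stack": "openssl", "was_vulnerable": True,
     "key_id": "KEY-C", "names": ["blog.example.test"]},
]


def name_matches(pattern, hostname):
    """True if a certificate name (exact, or wildcard in the left-most label)
    covers hostname. A wildcard covers exactly one label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    label, _, parent = hostname.partition(".")
    return bool(label) and parent == pattern[2:]


def exposed_keys(inventory):
    """Group deployments by key and report each key that was installed on at
    least one host that ran vulnerable OpenSSL."""
    by_key = defaultdict(list)
    for entry in inventory:
        by_key[entry["key_id"]].append(entry)
    report = {}
    for key_id, entries in by_key.items():
        leaked_from = sorted(e["host"] for e in entries if e["was_vulnerable"])
        if not leaked_from:
            continue  # key never sat on a vulnerable host
        report[key_id] = {
            "leaked_from": leaked_from,
            # Hosts that were never vulnerable themselves but share the key:
            "also_installed_on": sorted(
                e["host"] for e in entries if not e["was_vulnerable"]),
            "names": sorted({n for e in entries for n in e["names"]}),
        }
    return report


def hosts_at_risk(report, known_hosts):
    """Hostnames that a holder of an exposed key could impersonate, including
    hosts that use a different certificate but fall under an exposed wildcard."""
    names = [n for r in report.values() for n in r["names"]]
    return sorted(h for h in known_hosts
                  if any(name_matches(n, h) for n in names))


if __name__ == "__main__":
    report = exposed_keys(INVENTORY)
    for key_id, info in report.items():
        print(key_id, "revoke and reissue with a NEW key pair:", info)
    print(hosts_at_risk(report, ["crm.example.test", "intranet.example.test"]))
```

Note that `crm.example.test` shows up as at risk even though it has its own certificate, because the exposed wildcard name also covers it.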

30 days with a Lumia 925. A switcher’s tale
http://www.boxesandarrows.co.uk/30-days-with-a-lumia-925-a-switchers-tale/
Tue, 18 Feb 2014 12:26:08 +0000

I’ve recently been sent three Lumia handsets by Nokia to trial in our business. I’ve decided that I’m going to utterly take the plunge and dive in to Windows Phone. How long am I going to be able to leave my iPhone 5 turned off for?

Day One – The Lumia 925 arrives

Cool. A big box of handsets has arrived from Nokia. A 520, a 625 and a 925. I’ve got the SIM out of my iPhone 5 – first fumble, we’re going to need a Nano-Micro SIM adapter. £2 from the local phone shop later, and we’re running. However our office is in a basement, and whereas the iPhone can just about hold a signal and make and receive calls, the Lumia is really struggling with any kind of network connectivity down here.

A big box of phones from Nokia

Of course, it needed an update

Having managed to get the phone connected to our WiFi network, the ubiquitous updates started to arrive! I’m now running Lumia Black. But this does seem to have improved the cellular reception somewhat – I can now make and receive calls in our basement office.

Dropbox Fail!

We use Dropbox for some document collaboration. There’s no official Dropbox app for WinPhone 8 – this is a major fail at the moment.

Day Two

Mixed feelings at the start of day two. I normally listen to a show or two using BBC iPlayer on my drive home. There are a couple of patches on my route where I know my iPhone will struggle to get the data, and I’ll get some buffering. Not so with the Lumia, it streamed iPlayer as sweet as you’d like all the way. But the starkness of the UI is starting to get to me already! Give me at least a little colour, please? I was all for ditching skeuomorphism, and I really do like the iOS7 UI, but Windows Phone 8 sometimes feels like I’m living in 1970s Eastern Europe.

There’s an app for that – or is there?

Everyone knows the Apple App Store has the best selection of apps on it. Or is it Google Play? I’m not getting in to that debate, but the Windows Phone Store is definitely devoid of apps. Here’s my list of apps that I’m missing:

DropBox

StarBucks Card

Google Maps

BBC News

There are a plethora of third-party imitation apps for these. I don’t want to put my StarBucks card details in to an app by Fred Furglebee… All the GameCenter-based games which I played are of course not available (LetterPress) plus a few other challenge games (QuizUp!) – so it looks like I am going to be using my iPhone for some gaming duties…

Day Three – Metro Fatigue

Oh Metro, you’re so – well bland. Today’s been all about changing accent colours and being thoroughly unimpressed with the look of the UI.

Keyboard Accuracy in Windows Phone 8

I don’t think that the keyboard is very accurate. It takes me a long time to type an email as I’m making so many corrections.

GPS Accuracy

The GPS doesn’t seem to be as accurate as the iPhone 5’s either. I have seen several occasions when navigating (both with Nokia Drive and Waze) where my location either stops being recognised, or jumps. This is particularly noticeable at Motorway junctions.

Day 4 – travelling!

Day 4 with the Lumia involved a trip to London on the train. The lack of GPS accuracy was really noticeable when trying to navigate my way round the streets of London using Nokia Here maps. I couldn’t even get the compass to calibrate using maps on a city street.

Days 5 and 6 – the weekend!

The lack of apps has hit me over the weekend, all the games I really enjoy playing are multiplayer, based round
the iOS GameCenter. Obviously there’s no interop between the same game on two platforms there.
I’d kind of forgotten that all my music was now in iTunes match and not on my device too, so I’ve not really
got my music any more. Kind of makes it hard to get it on my Lumia.

I’m starting to get really frustrated with my lack of accuracy when using the keyboard on the Lumia too. Is
this just my muscle memory, I’ve used essentially the same keyboard on a phone since the iPhone 3G, am I just
hardwired to an iPhone sized keyboard now?

Days 7 and 8

I’m finding the Office viewers are far better than those on the iPhone, certainly looking at PowerPoint
presentations on the Windows Phone 8 is leaps and bounds better than with the iPhone. But my lack of accuracy
with the keyboard is killing me, I used to be able to rack the emails out on my phone (Currently running at
over 125 emails a day – I rock a lot of emails) but the Lumia doesn’t let me do this. I think there are two
issues.

Firstly, as I mentioned previously, my muscle memory, but I don’t think that the autocorrect works as well on
the Windows. There’s nothing I can prove here, just a gut feeling.

Day Nine – hello iPhone

This morning I used my iPhone to activate a SIM I’m using when I travel to the USA (Cheap data abroad) – and instantly I felt more accurate in my typing on the iPhone, and even though I’m running a beta build of iOS7.1, it was far more performant.

I decided to do some side-by-side comparisons between the two platforms. A side-by-side run of Waze indeed showed that the iPhone is faster and more accurate with its GPS than the 925.

As I’m going away and will rely on my phone for email and navigation next week, this has signalled the end of my trial with the 925.

My phone needs to work well for me as it’s an essential business tool…

High Availability Incoming Email in SharePoint 2013 – a bug!
http://www.boxesandarrows.co.uk/high-availability-incoming-email-in-sharepoint-2013-a-bug/
Wed, 15 Jan 2014 11:36:26 +0000

The December 2013 CU for SharePoint Foundation cures a bug (or was it a feature???) that’s hampered a few 2013 deployments that we’ve recently been working on. I think it’s worthwhile blogging this – as it has potential to hit a fair few people until the patch gets rolled up in to an official service pack and applied to farms. (Aside – I’m still seeing SP2010 RM farms out there in production environments – shudder)

With SharePoint 2013 before the December 2013 Cumulative Update, what we’d see is that email was only picked up by one member of the farm, no matter how many members we’d started the incoming mail service on. Everything looked rosy, the service was listed as started, yet it just didn’t do anything; email would stick in the pickup folder and never get processed.

In SharePoint 2010 the Incoming Email Service can run on all servers in a farm. This was great, as we could distribute the processing of inbound email to our SharePoint farm across many members giving us resilience against loss of a member in that farm.

We’d typically do this by defining MX records for incoming email in the following fashion:

When an SMTP service attempted to route an email in to our SharePoint farm it could use either of the servers, they had equal priority, and if one wasn’t responding it would try the other. This is exactly the functionality which we wanted – job done.

However, as discussed earlier, when we started to deploy 2013 farms, the incoming email service would only ever work on one server – the job was locked exclusively to one server in the farm. This means that the incoming email flow has the possibility of introducing single points of failure in to an environment without adding a fair bit of extra complexity in to the solution.

When more than one front-end server is set up to process incoming email messages on a SharePoint Server 2013 farm, only one of the servers can process email messages and cannot fail over to any other server.

We’re now rolling this out to our clients who are affected by this in order that their inbound SharePoint email is resilient.

High DPI mode in Chrome
http://www.boxesandarrows.co.uk/high-dpi-mode-in-chrome/
Sat, 26 Oct 2013 13:55:32 +0000

I’ve recently been using a small laptop with a high-res display – 1920×1080 in a 13″ laptop. Not quite Apple ‘Retina’ standards, but running IE11 on Windows 8.1 looks great. However Chrome looks like a blurry bag of spanners, it’s obviously being upscaled rather than natively rendering for a higher-dpi display. Lots of posts on the internets talk about this feature becoming available in Chrome 30 – and that’s what I’m running. Bumgrapes :(.

A little digging, however, revealed that the feature has been implemented but it’s not fully ready for mainstream. You can enable this from the command line using the --high-dpi-support=1 command line flag. That’s great for a browsing session started from a shortcut, but I want all my Chrome windows, no matter where they originated from, to run in this High DPI mode.

In order to enable this feature for all your chrome sessions, enter chrome://flags in to the chrome address bar. Search this page for High DPI, and you’ll get an option to enable the feature permanently.

It’s obviously not ready for prime-time yet, there are some ragged graphics in the Chrome chrome, and sometimes some weird artefacts in the tab bar, but my text is now rendered nicely and crisply – I’m happy!

Bulk update of User Principal Names in AD
http://www.boxesandarrows.co.uk/bulk-update-of-user-principal-names-in-ad/
Tue, 17 Sep 2013 09:12:06 +0000

Recently I’ve been managing Active Directory on some dev and test environments, and scripted the creation of a large number of users. Unfortunately when creating some users I’d not changed the UPNs as required when moving across environments, and AD happily allowed me to create these users with invalid UPNs. The users had been issued their passwords, so I didn’t want to have to recreate the entire set of users again, so I decided to take to PowerShell and get the UPNs updated.

So here’s a handy little script for you if you ever need to perform a bulk update of UPNs on your Active Directory Users.

Host Named Site Collections and SharePoint 2013
http://www.boxesandarrows.co.uk/host-named-site-collections-and-sharepoint-2013/
Tue, 21 May 2013 14:14:50 +0000

Host Named Site collections were of course available in SharePoint 2010, but weren’t used in many environments; in fact all bar one of the production deployments I’ve been involved with used path-based site collections. This new TechNet Post (and the underlying article by PFE Timo Heidschuster) explains in detail the improvements in HNSC which have been made in SharePoint 2013, and the way in which the old, and some of the new 2013 components interact with these site collections.

I wonder if Central Admin supported creation of Host Named Site Collections rather than path-based ones if we’d get more uptake of these?

Testing SQL I/O for SharePoint
http://www.boxesandarrows.co.uk/testing-sql-io-for-sharepoint/
Thu, 16 May 2013 17:52:10 +0000

I’m currently deploying a newly developed SharePoint extranet for a client on to an environment they have provided. During the initial deployment phase we had some instances where the hypervisor environment stalled completely. My client’s IT support tracked this down to a bad configuration of the iSCSI interface used to connect the (virtual – I’m still not a fan of this; and let’s not talk about both nodes of a SQL HA cluster on the same hypervisor either) SQL cluster to the SAN for storage.

My client worked with their SAN and switch provider and changed some parameters which fixed this stalling issue; but how could I prove this before moving on with my install?

The answer I decided was to stress test the environment with SQLIOSIM. There’s a ton of information out there about SQLIOSIM which I’m not going to repeat, but I thought it would be good to post about some of the more salient points found during my time investigating I/O performance with this tool.

SQLIOSIM isn’t a tool to measure performance.

If you want to measure your SQL I/O performance (and yes, you do!) then use SQLIO. SQLIOSIM is a tool which exercises the I/O subsystem by simulating SQL load, and verifies this for correctness.

Errors are errors!

During our testing we received errors from SQLIOSIM which said that we had outstanding I/O requests which had been outstanding for more than 15 seconds. This is a problem; it’s not caused by saturated storage. On a well-performing system you can saturate your I/O channel without getting these errors. Getting these errors means you need to investigate your I/O path. Our client had to get their issues raised with tech support at the SAN provider in order to start resolving these issues.

Yes – these errors could affect SharePoint

My client was obviously pushing to get their extranet deployed, but we had to delay this until their environment was stable. When it comes to SQL I/O SharePoint is a pretty non-deterministic system. Think of all those timer jobs which may run, and the search crawls which can be running and accessing the database concurrently. Let alone the SQL I/O required to actually load our page and its webparts. The load-stress produced on the I/O subsystem by SQLIOSIM can be achieved in normal operations (one of our demonstration test cases would actually cause a full security crawl to be kicked off whilst a lot of site features were being activated; lots of I/O here).

Conclusion

Any diligent deployment of a SharePoint environment should include measurement of the raw SQL I/O performance to verify that it supports your capacity planning (use SQLIO for this), and should also verify that the SQL I/O subsystem is stable (use SQLIOSIM for this). Remember to get all those errors corrected before you hand the environment back to your client.

Viewing PDF files in Office Web Apps
http://www.boxesandarrows.co.uk/viewing-pdf-files-in-office-web-apps/
Tue, 14 May 2013 12:59:31 +0000

Office Web Apps are a great addition to a SharePoint environment. Out-of-the-box you get a free solution which allows your users to view the contents of Microsoft Office documents. In the February Cumulative Update for OWA, Microsoft introduced a rather handy feature – the ability to load a PDF file in to the Word Web App. Tucked away in the release notes is this little snippet:

You can display .pdf files in the Word Web App, and you can convert .pdf files to .docs files. To enable this functionality, apply the cumulative update for Office Web App Server 2013 that was released in February 2013. Then, enable the functionality in Microsoft SharePoint Server 2013 by using the following Windows PowerShell cmdlet:

This is a great addition, as it gives your users the ability to view more filetypes in OWA without needing to resort to client software installs. The ability to convert the PDF to a Word document seems pretty handy – once I’ve tried how successful this is I’ll update this post!

Using Azure Mobile Services to warm-up a website
http://www.boxesandarrows.co.uk/using-azure-mobile-services-to-warm-up-a-website/
Thu, 09 May 2013 12:16:42 +0000

Recently I’ve been working on a website deployed to a shared Website instance on Windows Azure, and some of my testers have said that the site is sometimes really slow to load – in order that the resources are kept to a minimum you’ll find that these websites shut down after a few minutes of inactivity. A classic case where some warm-up scripts are needed, but where’s the best place to deploy these for minimal complexity, keeping the whole solution in Azure? You could configure a virtual machine and run some task management engine on that, but that feels like a lot of overhead just to keep a site alive. Best thing is that we can use this functionality on a free instance of WAMS, therefore incurring no additional cost.

Windows Azure Mobile Services has a scheduling engine which can be used for many tasks, we can deploy a job in to the scheduling engine on a free instance of WAMS (you can only have one scheduled task in the free mode, but we can do a whole load of things in that one task). We don’t really have any opportunity to deploy a complex schedule model, but that’s fine as we can simply keep our site alive every 15 minutes (that’s the minimum granularity WAMS task scheduling allows us). The following code shows how we can call our website from WAMS and make sure it’s alive:

Creating the Service

Firstly – you need to create an Azure Mobile Service. From the Windows Azure Portal, select Add. You’ll get the following window up – create a Mobile Service:

Create a Mobile Service

You’ll then get the opportunity to name your service, and select which region you wish your service to run in. If you’re already running some websites that you want to warm-up, you should keep your mobile services in the same region.

Create a Mobile Service

You’ll see that the service creation wants to use a database; for a simple warm-up scheduler you’ll not need to actually consume any database resource, if you already have a SQL database then simply link to that – you’ll need to provide the credentials for your database.

Database Settings

When you’ve selected finish, your service will be created, and will become available in your Windows Azure Portal. If you click on the Scheduler tab when you’re looking at this service you get the opportunity to create a schedule.

Create A Scheduled Job

You can then name your job, and set the schedule. The schedule definition isn’t complex, and the minimum granularity is 15 minutes, but this provides us with all we need to run our simple warm-up.

You can only add one scheduled service for a free instance of a Mobile Service, but you can warm-up many sites in one script.

Create Job Detail

Once the schedule has been created, you can edit the script that’s run each time the scheduler is called.

Azure Script Editor

Here you can edit the script that you’ll run when the scheduler is called. You’ll notice that there’s an enable button on the bottom of this page. Don’t forget to enable your script before you finish!

Monitoring your schedule’s progress

You’ll notice in the code snippet at the top of this post that there are calls to console.info() and console.warn() – where does the output of this logging go? If you click on the Logs tab at the top of the page you’ll see all the output of the logging we have collected.

View Logs

What next?

In my next post I’m going to show you how to use the Push notifications service in WAMS to send an alert to your mobile device if your site fails to respond to the warm-up properly, providing you with a very easy and convenient way of monitoring your site’s availability, and also how to warm-up other components in your infrastructure.

Search Architecture changes in SharePoint 2013
http://www.boxesandarrows.co.uk/search-architecture-changes-in-sharepoint-2013/
Wed, 27 Feb 2013 11:34:55 +0000

I wasn’t able to make the SUGUK meeting focussed on Search which was held yesterday evening, which was a shame as Neil Hodgkinson was presenting – and if there’s anything that Neil doesn’t know about search – it’s not worth knowing! Fortunately Neil has placed his slides on SkyDrive, they’re well worth a look.